Email harvesting virus crashes Google

Author: 戎奇 | Date: 2019-03-03 01:11:10
By Celeste Biever

The Google web site was disabled for much of Monday after a new virus flooded its servers with search requests for email addresses. MyDoom.o, also known as MyDoom.m, was first detected at 1300 GMT. It also slowed or stopped traffic on three other major search engines – Lycos, Yahoo and Altavista.

Google, in Mountain View, California, played down the impact: “The Google search engine experienced slowness for a short period of time because of the MyDoom virus,” said a statement. “A small percentage of our users and networks have been affected”. Yahoo also said the “effect of the virus was limited”.

But Johannes Ullrich of the SANS Institute in Quincy, Massachusetts, described the Google site as “pretty much unavailable all day”. Lycos was also severely affected, he says, while Yahoo and Altavista weathered the attack with fewer delays. Ullrich spent Monday detecting and unravelling the virus’s code.

Like previous versions of the virus, MyDoom.o rifles through the email address book of an infected computer to find its next victims. But it also extracts domain names, for example or, and feeds these into search engines, in the hope of harvesting new email addresses from message boards or personal home pages.

“What we have got here is a virus which uses a whole new technique to find email addresses,” says Graham Cluley of antivirus software vendor Sophos in Oxfordshire, UK.

The MyDoom.o attack on Google coincided with the company’s announcement that it will soon be selling its first shares, worth a total of $3.3 billion. The timing provoked speculation that the virus was an attempt to sabotage the company, says Ullrich. Google deals with an average of 2 million queries a day, making it by far the most popular search engine.

But most antivirus vendors agree that what amounted to a distributed denial of service attack was merely the side effect of a clever new strategy for propagating a virus. “They could have just set the virus to query Google and they didn’t,” reasons Alfred Huger of the Symantec response team in Calgary, Canada.

Unlike many viruses, MyDoom.o does not exploit a software bug, but is spread when a user clicks on an email attachment. The virus also installs a “back door”, allowing a virus writer to control the computer remotely. Cunningly, the file is hidden in a message which appears to come from a system administrator, for example “the team at”. The email warns the user that his machine is being used as a spam bot.

The virus is programmed to decrypt email addresses that have been carefully spelled out to try to avoid being harvested by a machine, for example “john dot smith at”. It also steals the identity of the computer that it has most recently infected and uses that as a disguise when using the search engine. This makes it difficult for sites like Google and Yahoo to distinguish between genuine queries and queries that came from the virus.

Microsoft declined to comment on whether its new search engine MSN search had experienced a surge in users because of the failure of its rival sites.